[FFmpeg-devel] [PATCH]lavc/jpeg2000dec: Fix jp2 inner atom size used for overread checks
Carl Eugen Hoyos
cehoyos at ag.or.at
Tue May 2 17:13:07 EEST 2017
Hi!
The atom2_size variable when reading the inner atoms of a jp2 header
is not reduced after reading the first 64 bits of the atom; the
variable is used later for several checks to avoid overreads.
Please comment, Carl Eugen
-------------- next part --------------
From 8519c62b141953ecbd47f4eb9572a54db29bfec3 Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <cehoyos at ag.or.at>
Date: Tue, 2 May 2017 16:09:11 +0200
Subject: [PATCH] lavc/jpeg2000dec: Fix jp2 inner atom size used for overread
checks.
---
libavcodec/jpeg2000dec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index e9f5f51..ab814ca 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1982,6 +1982,7 @@ static int jp2_find_codestream(Jpeg2000DecoderContext *s)
atom2_end = bytestream2_tell(&s->g) + atom2_size - 8;
if (atom2_size < 8 || atom2_end > atom_end || atom2_end < atom2_size)
break;
+ atom2_size -= 8;
if (atom2 == JP2_CODESTREAM) {
return 1;
} else if (atom2 == MKBETAG('c','o','l','r') && atom2_size >= 7) {
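Review bot: after the added `atom2_size -= 8;` the variable silently changes meaning from whole-atom size to payload size, and nothing at that line or in the commit message says so. The subtraction itself cannot underflow, because it sits after the `atom2_size < 8` break, and `atom2_end` is computed before it, so the end-of-atom bound is unaffected. What changes is every later comparison in this loop body, starting with `atom2_size >= 7` in the `colr` branch, which now has to hold for the bytes remaining after the 8-byte size/type header rather than for the full atom. Please add a short comment at the new line stating that `atom2_size` counts payload bytes from here on (or use a separately named variable), and list in the commit message which of the later minimum-size checks were verified against payload length, so a reader can confirm each threshold matches the number of bytes actually read in that branch.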
--
1.7.10.4